analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
URL:

http://fovanab.world/

Full analysis: https://app.any.run/tasks/8481c8d9-000e-41fa-9f3c-bd3cb28dedbd
Verdict: Malicious activity
Analysis date: June 27, 2022, 09:25:36
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

17FFAC9A227741A0493B9B60023D2437

SHA1:

C0C2232EEC29B4426891BDA308E3C27760832320

SHA256:

85FB1775DA87B4953F377A298B0099F7B21DF99D7DA836602C7BEDCB4A092B6C

SSDEEP:

3:N1KYIL5Xyn:CYII

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads Microsoft Outlook installation path

      • iexplore.exe (PID: 3348)
  • INFO

    • Checks supported languages

      • iexplore.exe (PID: 3348)
      • iexplore.exe (PID: 2860)
    • Reads the computer name

      • iexplore.exe (PID: 2860)
      • iexplore.exe (PID: 3348)
    • Changes internet zones settings

      • iexplore.exe (PID: 2860)
    • Application launched itself

      • iexplore.exe (PID: 2860)
    • Reads settings of System Certificates

      • iexplore.exe (PID: 2860)
    • Checks Windows Trust Settings

      • iexplore.exe (PID: 2860)
    • Reads internet explorer settings

      • iexplore.exe (PID: 3348)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
36
Monitored processes
2
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
2860"C:\Program Files\Internet Explorer\iexplore.exe" "http://fovanab.world/"C:\Program Files\Internet Explorer\iexplore.exe
Explorer.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\rpcrt4.dll
3348"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2860 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
Total events
6 624
Read events
6 507
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
5
Text files
15
Unknown types
2

Dropped files

PID
Process
Filename
Type
3348iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\templatemo_content_bottom_bg[1].jpgimage
MD5:A9FBBFE18E151466983711EAC29970E4
SHA256:D275B0D267CB4FB67BE9589F67FC3F817E8AF87E5889D7689480BA21DD57A9C2
3348iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\templatemo_bg[1].jpgimage
MD5:2955EBEBF412226677C21BEABC30027D
SHA256:1F8CE42F99168C469F7CEA08689B4D6A365C06D546EBC633AAFBB807DCEB4AC1
3348iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\templatemo_title_bg[1].jpgimage
MD5:5872966C8C659E141C03FDDA77DA07B9
SHA256:3E6C15C4E7B9ED4FD0B1C234AB77B5CC0CE17F73259B7CCB2BE71D355A280675
3348iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\templatemo_content_bg[1].jpgimage
MD5:D1C0EEE9DD657D4415E49394C129C520
SHA256:5D8230DD39287CC9721C7C42B9D8478B5E00220B98B5F0AEFD52E113214D70AF
3348iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\style[1].csstext
MD5:0E03B980399D51173A6E0A9A89602D85
SHA256:6BC804F5617156399AEECC57E3503E69AE9E92EABDFD286EC20569CBF98BFC0C
2860iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776binary
MD5:AEF3E47E85D04318D19813601D23C6E5
SHA256:6199BEC27A62FAE649300723DA53808CE8E99C4DC12F7824443101104786FF9A
3348iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\templatemo_banner_bg[1].jpgimage
MD5:F1033D58772133A346118C23E7A5A508
SHA256:12224DCA331032264A8C38C2B9B7E36F36AA7A217AE0F40D63BC7897B9A625F3
3348iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\LI9HEVDN.htmhtml
MD5:3395A862FF51370735D9C094734FB378
SHA256:27AB06B7397748426D955DD324321584B4DD84A7B97ABFECAE947EBCDC77A2DC
2860iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776der
MD5:790E40386A5478B54787C28956E029D7
SHA256:2A14CA44FA89C53F53111C7CAAE9155A460FA162BD822CCEAF7B7F74B8390557
3348iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\templatemo_bottom_section_bg[1].jpgimage
MD5:5E5DE4CDECABFCBF15063F47954F7B2E
SHA256:08919E27287FE0C42F5265963B952F9BEB6E6AA1D6B598F1AF49F9D705FABE8B
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
14
TCP/UDP connections
23
DNS requests
7
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3348
iexplore.exe
GET
200
69.39.239.44:80
http://fovanab.world/
US
html
2.32 Kb
suspicious
3348
iexplore.exe
GET
200
69.39.239.44:80
http://fovanab.world/images/templatemo_bg.jpg
US
image
595 b
suspicious
3348
iexplore.exe
GET
200
69.39.239.44:80
http://fovanab.world/images/style.css
US
text
4.40 Kb
suspicious
2860
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D
US
der
1.47 Kb
whitelisted
3348
iexplore.exe
GET
200
69.39.239.44:80
http://fovanab.world/images/templatemo_menu_divider.jpg
US
image
353 b
suspicious
3348
iexplore.exe
GET
200
69.39.239.44:80
http://fovanab.world/images/templatemo_menu_bg.jpg
US
image
6.06 Kb
suspicious
3348
iexplore.exe
GET
200
69.39.239.44:80
http://fovanab.world/images/templatemo_bottom_section_bg.jpg
US
image
5.61 Kb
suspicious
2860
iexplore.exe
GET
200
209.197.3.8:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?8b525615f1002530
US
compressed
4.70 Kb
whitelisted
3348
iexplore.exe
GET
200
69.39.239.44:80
http://fovanab.world/images/templatemo_title_bg.jpg
US
image
8.27 Kb
suspicious
3348
iexplore.exe
GET
200
69.39.239.44:80
http://fovanab.world/images/templatemo_content_bg.jpg
US
image
555 b
suspicious
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3348
iexplore.exe
69.39.239.44:80
fovanab.world
GigeNET
US
suspicious
13.107.22.200:443
www.bing.com
Microsoft Corporation
US
whitelisted
2860
iexplore.exe
69.39.239.44:80
fovanab.world
GigeNET
US
suspicious
69.39.239.44:80
fovanab.world
GigeNET
US
suspicious
2860
iexplore.exe
13.107.22.200:443
www.bing.com
Microsoft Corporation
US
whitelisted
2860
iexplore.exe
152.199.19.161:443
iecvlist.microsoft.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
2860
iexplore.exe
93.184.220.29:80
ocsp.digicert.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
2860
iexplore.exe
131.253.33.200:443
www.bing.com
Microsoft Corporation
US
whitelisted
2860
iexplore.exe
209.197.3.8:80
ctldl.windowsupdate.com
Highwinds Network Group, Inc.
US
whitelisted

DNS requests

Domain
IP
Reputation
fovanab.world
  • 69.39.239.44
suspicious
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 13.107.22.200
  • 131.253.33.200
whitelisted
ctldl.windowsupdate.com
  • 209.197.3.8
whitelisted
ocsp.digicert.com
  • 93.184.220.29
whitelisted
iecvlist.microsoft.com
  • 152.199.19.161
whitelisted
r20swj13mr.microsoft.com
  • 152.199.19.161
whitelisted

Threats

PID
Process
Class
Message
Potentially Bad Traffic
ET INFO Observed DNS Query to .world TLD
3348
iexplore.exe
Potentially Bad Traffic
ET INFO HTTP Request to Suspicious *.world Domain
3348
iexplore.exe
Potentially Bad Traffic
ET INFO HTTP Request to Suspicious *.world Domain
3348
iexplore.exe
Potentially Bad Traffic
ET INFO HTTP Request to Suspicious *.world Domain
3348
iexplore.exe
Potentially Bad Traffic
ET INFO HTTP Request to Suspicious *.world Domain
3348
iexplore.exe
Potentially Bad Traffic
ET INFO HTTP Request to Suspicious *.world Domain
3348
iexplore.exe
Potentially Bad Traffic
ET INFO HTTP Request to Suspicious *.world Domain
3348
iexplore.exe
Potentially Bad Traffic
ET INFO HTTP Request to Suspicious *.world Domain
3348
iexplore.exe
Potentially Bad Traffic
ET INFO HTTP Request to Suspicious *.world Domain
3348
iexplore.exe
Potentially Bad Traffic
ET INFO HTTP Request to Suspicious *.world Domain
No debug info